The human cost of cybersecurity attacks
By Chris Ross
Email attacks are on the rise. Our recent global email security report, which surveyed 660 IT stakeholders at organisations around the world, discovered over the past year, 82% of organisations have faced an attempted email-based security threat. Moreover, 74% would describe email attacks’ impact on their organisation as significant.
In the aftermath of an email attack, the focus often centres around the resulting financial and reputational damage companies face. Its effect is usually measured by dollars and pounds.
Sometimes, it can be easy to forget cyber security’s human cost. However, a 2018 survey found people working in technology actually reported a 78% increase in mental-health related illness compared to the previous year. While it can be hard to pinpoint root causes, it’s hard to imagine the recent increase in cyber attacks has helped this issue.
EMEA is suffering under the weight of email attacks
Given that, according to Verizon, 90% of cyber attacks enter via email, we wanted to investigate the effects of email attacks in particular on the wellbeing of IT teams. Interestingly, the impact of email threat attacks is bigger among organisations in the EMEA region.
The pressure starts as soon as emails are flagged as suspicious. EMEA IT teams receive far more suspicious emails than the global average (even though the majority of these turn out to be false alarms), with 7% receiving over 50 per day and a third (32%) receiving between six and 50 per day.
The time taken to identify and respond to email reports on this scale is taking its toll on IT teams’ productivity and stress levels. 81% admitted spending over 30 minutes investigating and remediating each email attack, while 47% spend over an hour.
Understandably, this has had a detrimental impact on stress and anxiety levels, with over a third – 38% – blaming email attacks for higher levels of stress felt at work. Senior IT leaders were most likely to suffer this impact.
Worse still, the pervasive effects of email attacks also affect IT professionals outside the workplace, with 38% worrying about email attacks outside of working hours and 16% cancelling personal plans due to an attack. Additional stress comes from the potential reputation damage that comes from successful attacks, which 32% admit is a concern.
And why is this particularly felt in the EMEA region? Well, organisations based here are most at risk to spear phishing attacks, with nearly half – 48% – of companies from the EMEA region falling victim to spear phishing attacks in the past year.
The impact of spear phishing attacks on the reputation of organisations in EMEA is much higher compared to other regions too; 39% of EMEA respondents reported damage to their reputation over the past year, compared to the global average of 27%.
Are email attacks your organisation’s Achilles heel?
A lack of faith in their company’s security levels threatens to further reinforce IT professionals stress levels. Despite email being utilised by organisations since the 1990s, a massive 94% of respondents confessed that it is still the most vulnerable part of their company’s security posture. More than half – 52% – of EMEA respondents claimed that the security in their organisation is unlikely to have improved in the last year, compared to the global average of 63%.
This stress was compounded by a lack of security awareness training. 29% of respondents stated they received security training just once a year, with 7% claiming that they had never received training or that they weren’t sure.
Without adequate training proceedings, email attacks are destined to continue to succeed. Successful security requires a combination of innovative technology and effective training.
A brighter future
The stress and anxiety felt by IT teams is further compounded by the current cyber skills shortage. Not only are IT teams constantly on ‘red alert’, but they are also spread thinly, due to the demand for security professionals outstripping the supply.
The answer? Invest in your IT professionals and cyber security posture, and they will invest in you. Be it the right tools, the right training or more, it’s clear EMEA organisations have far to go to bridge the gap and turn their employees into an effective line of defence as part of a wider holistic email protection strategy.
Companies that invest in an email protection strategy that includes both technical solutions, such as automated incident response tools, as well as a regular and in-depth security awareness training, will benefit from a happier and more productive IT workforce.